After a year of development

The most notable improvements added during development of the 1.15.x mainline branch:
- Added the ability to use variables in the "ssl_certificate" and "ssl_certificate_key" directives, which can be used to load certificates dynamically;
- Added the ability to load SSL certificates and private keys from variables without using intermediate files;
- In the "upstream" block, a new "random" directive has been implemented, with which you can organize load balancing with random selection of the server the connection is forwarded to;
- In the ngx_stream_ssl_preread module, the $ssl_preread_protocol variable has been implemented, which reports the highest SSL/TLS protocol version supported by the client. The variable makes it possible to create configurations for access using different protocols, with and without SSL, through a single network port when proxying traffic with the http and stream modules. For example, to provide access via SSH and HTTPS over one port, port 443 can be forwarded to SSH by default, but forwarded to HTTPS if an SSL version is defined;
- A new variable "$upstream_bytes_sent" has been added to the upstream module, showing the number of bytes transferred to the group server;
- In the stream module, the ability to process several incoming UDP datagrams from the client within one session has been added;
- The "proxy_requests" directive specifies the number of datagrams received from the client upon reaching which the binding between the client and the existing UDP session is removed. After the specified number of datagrams has been received, the next datagram received from the same client starts a new session;
- The "listen" directive now has the ability to specify port ranges;
- Added the "ssl_early_data" directive to enable 0-RTT mode when using TLSv1.3, which lets you save previously negotiated TLS connection parameters and reduce the number of RTTs to 2 when resuming a previously established connection;
- New directives have been added to configure keepalive for outgoing connections (enabling or disabling the SO_KEEPALIVE socket option):
  - "proxy_socket_keepalive" - configures "TCP keepalive" behavior for outgoing connections to the proxied server;
  - "fastcgi_socket_keepalive" - configures "TCP keepalive" behavior for outgoing connections to the FastCGI server;
  - "grpc_socket_keepalive" - configures "TCP keepalive" behavior for outgoing connections to the gRPC server;
  - "memcached_socket_keepalive" - configures "TCP keepalive" behavior for outgoing connections to the memcached server;
  - "scgi_socket_keepalive" - configures "TCP keepalive" behavior for outgoing connections to the SCGI server;
  - "uwsgi_socket_keepalive" - configures "TCP keepalive" behavior for outgoing connections to the uwsgi server.
- A new "delay" parameter has been added to the "limit_req" directive, which sets the limit after which excessive requests are delayed;
- New directives "keepalive_timeout" and "keepalive_requests" have been added to the "upstream" block to set Keepalive limits;
- The "ssl" directive has been deprecated and replaced by the "ssl" parameter of the "listen" directive. Missing SSL certificates are now detected at the configuration testing stage when "listen" directives with the "ssl" parameter are used in the configuration;
- When using the reset_timedout_connection directive, connections are now closed with code 444 when the timeout expires;
- The SSL errors "http request", "https proxy request", "unsupported protocol" and "version too low" are now written to the log at the "info" level instead of "crit";
- Added support for the poll method on Windows systems when using Windows Vista and later;
- Ability to use TLSv1.3 when building with the BoringSSL library, not just OpenSSL.
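
The SSH/HTTPS port sharing described above for $ssl_preread_protocol could be configured as follows. This is an added example, not part of the original article; the backend addresses, the log path and the names $backend and preread are assumptions.

```nginx
# Added example: share port 443 between SSH and HTTPS in the stream module.
# Backend addresses and the log path are placeholders, not from the article.
stream {
    # $ssl_preread_protocol is empty when the first client bytes are not
    # a TLS ClientHello, so the empty string selects the non-TLS backend.
    map $ssl_preread_protocol $backend {
        ""      127.0.0.1:22;      # no TLS seen: assumed local sshd
        default 127.0.0.1:8443;    # any SSL/TLS version: assumed HTTPS listener
    }

    # Log the routing decision so that non-TLS sessions on 443 are visible
    # to whoever reviews the logs.
    log_format preread '$remote_addr [$time_local] '
                       'tls="$ssl_preread_protocol" '
                       'upstream="$upstream_addr" status=$status';
    access_log /var/log/nginx/stream_443.log preread;

    server {
        listen 443;
        ssl_preread on;         # without this the variable is always empty
        preread_timeout 10s;    # bound how long a silent client is held in preread
        proxy_pass $backend;
    }
}
```

With this layout both backends see nginx's address as the connection source, so per-client controls on the SSH or HTTPS side (rate limits, ban lists) need the stream access log or the PROXY protocol to recover the real client address.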

Source: opennet.ru